NTCP: Ban IP if RI signature fails

2022-01-25 12:22:57 -05:00
parent b6be2d7e65
commit afa7278080
1 changed files with 9 additions and 2 deletions
--- a/router/java/src/net/i2p/router/transport/ntcp/InboundEstablishState.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/InboundEstablishState.java
@@ -471,10 +471,17 @@ class InboundEstablishState extends EstablishBase implements NTCP2Payload.Payloa
            } catch (DataFormatException dfe) {
                if (_log.shouldWarn())
                    _log.warn("Bad msg 3 payload", dfe);
-                // probably RI problems
+                // probably RI signature failure
                // setDataPhase() will send termination
-                if (_msg3p2FailReason < 0)
+                if (_msg3p2FailReason < 0) {
                    _msg3p2FailReason = NTCPConnection.REASON_SIGFAIL;
+                    // buggy/forked and very persistent i2pd
+                    // So next time we will not accept the con from this IP,
+                    // rather than doing the whole handshake
+                    byte[] ip = _con.getRemoteIP();
+                    if (ip != null)
+                        _context.blocklist().add(ip);
+                }
                _context.statManager().addRateData("ntcp.invalidInboundSignature", 1);
            } catch (I2NPMessageException ime) {
                // shouldn't happen, no I2NP msgs in msg3p2